Browser add-ons can enhance a user’s web experience, but they can also open the door for fraudsters to work behind the scenes. Pixalate has uncovered a sophisticated ad fraud practice which is made possible only through the use of a particular Firefox add-on, called IP Flood.

With the IP Flood add-on activated, a single fraudster can spoof thousands of ad calls within seconds, all of which appear to be coming from different domains (some of which are premium) and different user IP addresses.


How it works

This exploit is conducted via a Firefox add-on, but a similar Chrome browser extension also exists.

The landing page features 8 links to domains. When you click on the domains without the IP Flood add-on activated, nothing happens.

However, when you activate IP Flood and click on one of the links, a page opens and it assigns an IP address and a VAST tag.

The moment the page is loaded, dozens — if not hundreds — of ad calls go out.

Each ad request has a different, unique IP address, even though all are coming from the same dummy page.
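The pattern described above (one source, a burst of ad calls, a different claimed IP on each) can be checked for on the ad-serving side. The following is an added example, not Pixalate's detection code: it assumes the ad server logs the network peer address of each connection alongside the client IP and domain the request claims, and the field names, window and threshold are illustrative.

```python
from collections import defaultdict

WINDOW_SECONDS = 10   # assumed burst window
MAX_CLAIMED_IPS = 5   # assumed ceiling on distinct claimed IPs per peer per window


def build_sample():
    """Constructed log rows: (timestamp, peer_addr, claimed_ip, claimed_domain)."""
    rows = []
    # One peer fires 40 ad calls in 4 seconds, each claiming a different user IP.
    for i in range(40):
        rows.append((1000.0 + i * 0.1, "203.0.113.7",
                     f"198.51.100.{i + 1}", f"site{i % 8}.example"))
    # Ordinary traffic: a shared gateway forwarding three users over a minute.
    for i in range(6):
        rows.append((1000.0 + i * 10, "192.0.2.10",
                     f"10.0.0.{i % 3 + 1}", "news.example"))
    return rows


def flag_flooding_peers(rows, window=WINDOW_SECONDS, max_ips=MAX_CLAIMED_IPS):
    """Return peers that present too many distinct claimed IPs inside one window."""
    by_peer = defaultdict(list)
    for ts, peer, claimed_ip, domain in sorted(rows):
        by_peer[peer].append((ts, claimed_ip, domain))

    flagged = {}
    for peer, events in by_peer.items():
        start, worst = 0, (0, 0)
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            ips = len({e[1] for e in span})
            domains = len({e[2] for e in span})
            worst = max(worst, (ips, domains))
        if worst[0] > max_ips:
            flagged[peer] = {"distinct_claimed_ips": worst[0],
                             "distinct_domains": worst[1]}
    return flagged


if __name__ == "__main__":
    for peer, stats in flag_flooding_peers(build_sample()).items():
        print(peer, stats)
```

The shared gateway in the sample stays below the threshold because its claimed IPs are few and spread out over time; tune both constants against real traffic before acting on a flag.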

Disclaimer: The content of this blog reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.

Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes.”
